Remote access to local network

US 9,345,065 B2
Filed: 11/16/2009
Issued: 05/17/2016
Est. Priority Date: 11/17/2008
Status: Active Grant

First Claim

Patent Images

1. A method of communication for enabling remote access of an access terminal to an access point, comprising:

establishing a first protocol tunnel between the access point on a local network and a security gateway;

establishing a plurality of child security associations based on the first protocol tunnel, wherein a first one of the child security associations is for carrying traffic between the access point and an operator core network and a second one of the child security associations is for carrying traffic between the access point and the access terminal;

obtaining a local network address from the access point for the access terminal to enable the access terminal to remotely access the local network via the first protocol tunnel, wherein the local network address is obtained by the access point from a router serving the local network;

establishing a second protocol tunnel between the access terminal and the security gateway after the first protocol tunnel is established;

determining that a packet is received via a first one of the first protocol tunnel and the second protocol tunnel; and

forwarding the received packet over a second one of the first protocol tunnel and the second protocol tunnel based on the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel.

81 Citations

29 Claims

1. A method of communication for enabling remote access of an access terminal to an access point, comprising:
- establishing a first protocol tunnel between the access point on a local network and a security gateway;
  
  establishing a plurality of child security associations based on the first protocol tunnel, wherein a first one of the child security associations is for carrying traffic between the access point and an operator core network and a second one of the child security associations is for carrying traffic between the access point and the access terminal;
  
  obtaining a local network address from the access point for the access terminal to enable the access terminal to remotely access the local network via the first protocol tunnel, wherein the local network address is obtained by the access point from a router serving the local network;
  
  establishing a second protocol tunnel between the access terminal and the security gateway after the first protocol tunnel is established;
  
  determining that a packet is received via a first one of the first protocol tunnel and the second protocol tunnel; and
  
  forwarding the received packet over a second one of the first protocol tunnel and the second protocol tunnel based on the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - sending a request for the local network address on the local network to the access point, wherein the local network address is requested on behalf of the access terminal;
      
      receiving the local network address from the access point in response to the request; and
      
      sending the local network address to the access terminal.
  - 3. The method of claim 1, further comprising receiving authentication information from the access terminal, wherein:
    - the authentication information is assigned by a wide area wireless network; and
      
      the received packet is forwarded upon authentication of the packet.
  - 4. The method of claim 1, wherein the forwarding is performed by the security gateway associated with the access point.
  - 5. The method of claim 4, further comprising:
    - receiving a message from another access terminal, wherein the message requests access to a protocol tunnel to another access point;
      
      determining that the security gateway has not established the protocol tunnel to the another access point; and
      
      redirecting the another access terminal to another security gateway based on the determination.
  - 6. The method of claim 5, wherein the redirection is based on a database that maps at least one security gateway to at least one access point.
  - 7. The method of claim 1, wherein the access point comprises a femto access point.
  - 8. The method of claim 1, wherein the received packet is forwarded over the first protocol tunnel to enable the access terminal to remotely access the local network when the access terminal is not communicating with the access point via a wireless connection.
  - 9. The method of claim 1, wherein the first protocol tunnel and the second protocol tunnel comprise IPsec tunnels.
  - 10. The method of claim 1, further comprising:
    - forwarding the local network address to the access terminal via the second protocol tunnel.
  - 11. The method of claim 10, further comprising:
    - routing packets between the access terminal and the local network via the first protocol tunnel and the second protocol tunnel.
  - 12. The method of claim 1, further comprising:
    - receiving, at the security gateway, a message from the access terminal instructing the security gateway to determine whether the first protocol tunnel between the access point and the security gateway is established; and
      
      determining that the first protocol tunnel is established between the access point and the security gateway based on one or more femto identifiers received from an authentication server.
  - 13. The method of claim 12, further comprising:
    - receiving, at the security gateway, authentication information from the access terminal in conjunction with the message, wherein the authentication information includes subscription information for the access terminal;
      
      transmitting the subscription information to the authentication server for authentication of the access terminal; and
      
      receiving the one or more femto identifiers from the authentication server identifying at least the access point as an access point that the access terminal is permitted to access.
  - 14. The method of claim 1, wherein the first protocol tunnel is established through the router.
  - 15. The method of claim 1, wherein the access terminal is on a remote network that is different than an operator network for the access point.

16. An apparatus for communication for enabling remote access of an access terminal to an access point, comprising:
- a tunnel controller, comprising a processor, configured to establish a first protocol tunnel between the access point on a local network and a security gateway;
  
  the tunnel controller further configured to establish a plurality of child security associations based on the first protocol tunnel, wherein a first one of the child security associations is for carrying traffic between the access point and an operator core network and a second one of the child security associations is for carrying traffic between the access point and the access terminal;
  
  an address controller configured to obtain a local network address from the access point for the access terminal to enable the access terminal to remotely access the local network via the first protocol tunnel, wherein the local network address is obtained by the access point from a router serving the local network;
  
  the tunnel controller further configured to establish a second protocol tunnel between the access terminal and the security gateway after the first protocol tunnel is established; and
  
  a communication controller configured to determine that a packet is received via a first one of the first protocol tunnel and the second protocol tunnel, and further configured to forward the received packet over a second one of the first protocol tunnel and the second protocol tunnel based on the determination.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The apparatus of claim 16, wherein the tunnel controller is further configured to:
    - receive a message from another access terminal, wherein the message requests access to a protocol tunnel to another access point;
      
      determine that the security gateway has not established the protocol tunnel to the another access point; and
      
      redirect the another access terminal to another security gateway based on the determination.
  - 18. The apparatus of claim 16, wherein the received packet is forwarded over the first protocol tunnel to enable the access terminal to remotely access the local network when the access terminal is not communicating with the access point via a wireless connection.
  - 19. The apparatus of claim 16, wherein the address controller is further configured to forward the local network address to the access terminal via the second protocol tunnel.
  - 20. The apparatus of claim 19, wherein the communication controller is further configured to rout packets between the access terminal and the local network via the first protocol tunnel and the second protocol tunnel.
  - 21. The apparatus of claim 16, wherein the access terminal is on a remote network that is different than an operator network for the access point.

22. An apparatus for communication for enabling remote access of an access terminal to an access point, comprising:
- means for establishing a first protocol tunnel between the access point on a local network and a security gateway;
  
  means for establishing a plurality of child security associations based on the first protocol tunnel, wherein a first one of the child security associations is for carrying traffic between the access point and an operator core network and a second one of the child security associations is for carrying traffic between the access point and the access terminal;
  
  means for obtaining a local network address from the access point for the access terminal to enable the access terminal to remotely access the local network via the first protocol tunnel, wherein the local network address is obtained by the access point from a router serving the local network;
  
  means for establishing a second protocol tunnel between the access terminal and the security gateway after the first protocol tunnel is established;
  
  means for determining that a packet is received via a first one of the first protocol tunnel and the second protocol tunnel; and
  
  means for forwarding the received packet over a second one of the first protocol tunnel and the second protocol tunnel based on the determination.
- View Dependent Claims (23, 24, 25)
- - 23. The apparatus of claim 22, further comprising:
    - means for receiving a message from another access terminal, wherein the message requests access to a protocol tunnel to another access point;
      
      means for determining that the security gateway has not established the protocol tunnel to the another access point; and
      
      means for redirecting the another access terminal to another security gateway based on the determination.
  - 24. The apparatus of claim 22, wherein the received packet is forwarded over the first protocol tunnel to enable the access terminal to remotely access the local network when the access terminal is not communicating with the access point via a wireless connection.
  - 25. The apparatus of claim 22, wherein the access terminal is on a remote network that is different than an operator network for the access point.

26. A non-transitory computer-readable medium for enabling remote access of an access terminal to an access point, comprising code for causing a computer to:
- establish a first protocol tunnel between the access point on a local network and a security gateway;
  
  establish a plurality of child security associations based on the first protocol tunnel, wherein a first one of the child security associations is for carrying traffic between the access point and an operator core network and a second one of the child security associations is for carrying traffic between the access point and the access terminal;
  
  obtain a local network address from the access point for the access terminal to enable the access terminal to remotely access the local network via the first protocol tunnel, wherein the local network address is obtained by the access point from a router serving the local network;
  
  establish a second protocol tunnel between the access terminal and the security gateway after the first protocol tunnel is established;
  
  determine that a packet is received via a first one of the first protocol tunnel and the second protocol tunnel; and
  
  forward the received packet over a second one of the first protocol tunnel and the second protocol tunnel based on the determination.
- View Dependent Claims (27, 28, 29)
- - 27. The non-transitory computer-readable medium of claim 26, further comprising code for causing the computer to:
    - receive a message from another access terminal, wherein the message requests access to a protocol tunnel to another access point;
      
      determine that the security gateway has not established the protocol tunnel to the another access point; and
      
      redirect the another access terminal to another security gateway based on the determination.
  - 28. The non-transitory computer-readable medium of claim 26, wherein the received packet is forwarded over the first protocol tunnel to enable the access terminal to remotely access the local network when the access terminal is not communicating with the access point via a wireless connection.
  - 29. The computer-readable medium of claim 26, wherein the access terminal is on a remote network that is different than an operator network for the access point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Tinnakornsrisuphap, Peerapol, Palanigounder, Anand, Jayaram, Ranjith S., Dondeti, Lakshminath R., Wang, Jun
Primary Examiner(s)
Oh, Andrew

Application Number

US12/619,162
Publication Number

US 20100124228A1
Time in Patent Office

2,374 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 1/3209   Monitoring remote activity,...

G06F 3/1454   involving copying of the di...

H04L 12/2803   Home automation networks

H04L 12/2838   Distribution of signals wit...

H04L 12/4633   Interconnection of networks...

H04L 12/66   Arrangements for connecting...

H04L 2012/285   Generic home appliances, e....

H04L 61/4511   using domain name system [DNS]

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/164   at the network layer

H04L 67/025   for remote control or remot...

H04L 67/08   specially adapted for termi...

H04L 67/125   involving control of end-de...

H04W 76/12   Setup of transport tunnels

H04W 84/045   using private Base Stations...

H04W 84/105   PBS [Private Base Station] ...

H04W 88/08   Access point devices

H04W 88/16   Gateway arrangements

H04W 92/02 : Inter-networking arrangements

View All

Remote access to local network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Remote access to local network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links